>>> Quanah Gibson-Mount <[email protected]> schrieb am 25.09.2014 um 18:30 in Nachricht <9B8A217739A5294E4C5FADD4@[192.168.1.61]>: > --On Thursday, September 25, 2014 2:27 PM +0200 Ulrich Windl > <[email protected]> wrote: > >> Hi! >> >> I'd like to query userPassword attributes that don't start with "{SSHA", >> but it seems substring match doesn't work there. An addition I'd like to >> find those users that didn't change their password since the user was >> created, i.e. modifyTimestamp=createTimestamp, but I think that's not >> possible in a search filter as the right of '=' is interpreted literally, >> right? >> >> Any ideas? > > (modifyTimeStamp<=createTimestamp) should do it? Since modifyTimestamp can > never be less than createTimestamp, that will only return entries where > they are equal.
Hi! Isn't that equivalent to (modifyTimeStamp<="createTimestamp"), i.e. isn't createTimestamp interpreted literaly? Or does ldapsearch do some magic if it detects an LDAP attribute on the right side? Anyway, I tried it, but I get too many results, e.g. createTimestamp: 20140908062530Z modifyTimestamp: 20140908115510Z (Of course I know I could write some Perl to do the needed filtering, but it would be nice if the LDAP server could help...) Regards, Ulrich
